Amazon security patch release for CVE-2026-50549
Security Patch Release
Summary
Hide ▲
Show ▼
Amazon, Google and Cursor shipped fixes for GhostApproval, a flaw in AI coding assistants that let deceptive repository paths bypass approval prompts. The patch response covered Amazon Q Developer, Google Antigravity and Cursor, with Cursor assigning CVE-2026-50549. The issue mattered because the flaw could hide writes to sensitive files and enable remote code execution on developer machines.
Related Happenings
AWS Amazon Q Developer patch for CVE-2026-12957 and CVE-2026-12958
Security Patch Release
H score18
First: 26.06.2026 18:23
Last: 26.06.2026 18:23
Sources 1
About this happening:
**AWS** released fixes for **Amazon Q Developer** after a high-severity flaw in the **VS Code extension** could expose developers’ **cloud credentials**. The patch set covers **CV...
AWS Amazon Q Developer patch for CVE-2026-12957 and CVE-2026-12958
Security Patch ReleaseAbout this happening: **AWS** released fixes for **Amazon Q Developer** after a high-severity flaw in the **VS Code extension** could expose developers’ **cloud credentials**. The patch set covers **CV...
Dify security patch release for CVE-2026-41947
Security Patch Release
H score34
First: 22.06.2026 19:13
Last: 22.06.2026 19:13
Sources 1
About this happening:
**Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...
Dify security patch release for CVE-2026-41947
Security Patch ReleaseAbout this happening: **Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...
TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926
Security Patch Release
H score45
First: 22.05.2026 11:19
Last: 22.05.2026 11:19
Sources 1
About this happening:
**TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....
TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926
Security Patch ReleaseAbout this happening: **TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....
Ivanti security patch release for CVE-2026-8043
Security Patch Release
H score25
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
H score26
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/ServiceAbout this happening: Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Timeline
-
09.07.2026 14:00 2 articles · 10h ago
Amazon, Google and Cursor ship GhostApproval fixes
Mitigation Patch UpdateWiz said it reported GhostApproval to all six vendors in early 2026, and by July 9 Amazon, Google and Cursor had shipped fixes for the symlink-based approval bypass; Cursor assigned CVE-2026-50549, Augment and Windsurf had not released fixes, and Anthropic disputed that Claude Code's behavior was a vulnerability.
Show sources
- GhostApproval Flaw Hits Six Major AI Coding Assistants — www.infosecurity-magazine.com — 09.07.2026 14:00
- GhostApproval Flaw Hits Six Major AI Coding Assistants — www.infosecurity-magazine.com — 09.07.2026 14:00
-
07.07.2026 03:00 1 articles · 2d ago
Wiz Research publishes GhostApproval proof of concept
Technical Analysis UpdateWiz Research published a July 7 proof of concept for GhostApproval across Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity and Windsurf, showing that a symlink inside a repository could disguise a target such as project_settings.json and redirect writes into a developer's SSH keys, which could grant passwordless remote access.
Show sources
- GhostApproval Flaw Hits Six Major AI Coding Assistants — www.infosecurity-magazine.com — 09.07.2026 14:00